Paul B. Gallagher wrote: > I recently visited an online site that accepts political contributions > for a variety of candidates. I entered my credit card info to make a > contribution, printed my receipt, and left. The next time I visited,
The same contribution site? > SeaMonkey had all the credit card info stored and ready to go, which > was really scary. I poked around and couldn't find any way to > prohibit it from storing info entered in this field or at this site, > so I ended up with the heavy-handed solution of purging ALL saved > data, which will be a safe inconvenience. > > I've now disabled this dangerous feature (after ten minutes of > searching for the checkbox in the prefs -- it was just as hard to > find as last time), because > > a) It never warned me that it was saving credit card info; It wasn't. It merely saves formfield data. It doesn't know it's a credit card. It's just text to the browser. > b) There seems to be no way to prevent it from saving credit card info > -- it sees all form data as equally eligible. Ah, you understand. Browsers don't save specific types of info. They save based on the name and ID of the form field(s). If, for example, that <input> field was named "ccnumber" the browser would save what you typed. If you went to an entirely different web site and there was a field there *also* named "ccnumber", you card number would show up there as well. However, if at the next site the author used the field name of "ccinfo" you would *not* see your previously entered credit card number. In the source HTML, you will find code similar to this: <input type="text" id="ccnumber" name="ccnumber" size="16"> But don't worry. Nobody can see that except you and whoever is sitting at your computer. The web site can't see it until you click the Submit button. > c) There seems to be no way to inspect or edit saved data, so I can't > even be sure SeaMonkey really did purge the data. You could check by revisiting the site and see if your data shows up on the form. > As far as I'm concerned, this is a major security hole that should be > fixed as soon as possible. If saving form data was removed, a lot of folks would be unhappy. It's not a security "hole" and the behaviour will not be altered. -- -bts -Four wheels carry the body; two wheels move the soul _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
